1. Technical Field
The present disclosure generally relates to addressing schemes, and, more particularly, to dynamically changing addresses of components in an imaging device to provide enhanced security.
2. Description of the Related Art
A shared bus system is typically one of the simplest ways to connect multiple components. In order to prevent multiple components from transmitting data at the same time, shared bus systems normally use a bus master to control access to the shared bus resource. A well known protocol for providing orderly data communications between a bus master and components connected to a shared bus resource is the Inter-Integrated Circuit (I2C) protocol. Each component is uniquely identified with an address. When the bus master initiates communications with a specific component, the address of the component is transmitted with a command on the shared bus during the initiation of the communication. While all of the components connected to the shared bus receive the command and the address from the bus master, only the component with the matching address responds to the command and sends back an acknowledgment to the bus master.
The security of communication systems utilizing the I2C communication protocols may be compromised. For example, if an authorized component were to be unplugged from the shared bus, the unauthorized component may be plugged in and programmed or wired to automatically assume the address of the authorized component that was unplugged. All that is needed by the unauthorized component to be connected to the shared bus resource is an active valid address that is available in the system. When this occurs and the bus master transmits that active address on the bus, the unauthorized component may communicate with and respond to the bus master without the bus master being aware of the unauthorized communications. However, this unauthorized activity may be thwarted by periodically changing the addresses of the components.
Existing methods that provide enhanced security employ dynamic address change operations. In such methods, the bus master periodically requests an authorized component to change its address to increase the difficulty for an unauthorized component to communicate with the bus master. This is accomplished by the bus master transmitting an address change command to the component without transmitting a new address and without the component transmitting its new address to the bus master, and the bus master running the same address change algorithm as the component to predict the new address in order to maintain address synchronization. In this manner, transmission of a new address for the component through the shared bus resource is avoided, and an attacker device sniffing traffic on the shared bus may be prevented from learning the new address.
There are, however, limitations to this solution that make it vulnerable to other forms of attack. For example, authorized components may need to reset their respective addresses to a default address after installation or during power-up. If authorized components utilize pseudorandom address generators, the generated pseudorandom sequences of addresses may be deterministic and reproducible such that the same series of addresses is generated after every instance of a reset or power-up. As a result, when authorized components have an invariable starting address, i.e. the default address, an attacker device may easily learn the progression of addresses of the authorized component. An unauthorized component may then be installed to replace the authorized component and act as a clone which can correctly respond with the same series of addresses as the authorized component.
Accordingly, there is a need to further enhance security by setting the address of an authorized component to a variable address on reset in order to prevent recurring series of to address changes after every reset and to keep an unauthorized component using a copied set of address changes from communicating with the bus master and acting as a clone of an authorized component.